SMTP Port 25

Anything and Everything Related to Messaging and Collaboration, Active Directory and Scripting. It’s My Life!!!

Configure Exchange 2013 Internet mail flow during migration

Posted by Krishna - MVP on December 30, 2013

As part of upgrading to Exchange 2013 from Exchange 2007/2010, we need to make sure that Exchange 2013 is the point of communication for sending and receiving email from the Internet. In addition to installing, configuring, and testing Exchange 2013 Server, migration also consists of configuring and testing mail flow between Exchange 2013 and Exchange 2007/2010. In this article we will look at how to configure both sending and receiving email from the Internet.


Configure Exchange 2013 Internet mail flow during migration

Hope this article helps you.

Posted in Exchange 2013

Exchange 2013 DAG recovery in a stretched AD site

Posted by Krishna - MVP on December 30, 2013


An Active Directory site is stretched if it is spread across multiple physical sites. Exchange setup may vary from organization to organization: some Exchange organizations are single site, some are multi site, and sometimes a single site is spread across multiple AD sites. In this series of two posts, I will show you how to recover an Exchange 2013 Database Availability Group (DAG) in a stretched AD site.


Exchange 2013 DAG recovery in a stretched AD site – Part 1

Exchange 2013 DAG recovery in a stretched AD site – Part 2

I hope this article gives you a clear picture of understanding and recovering the DAG in the stretched AD site scenario.

Posted in Exchange 2013

Automating Cross Forest Migration from Exchange 2010 to Exchange 2010 using PowerShell – Part 2

Posted by Krishna - MVP on December 20, 2013

In the first part we covered the different cross forest migration scenarios and the preparation of the two forests for migration of users. In this part we will talk about the PowerShell code and the execution process of the script that performs the cross forest migration of users.

Below is the script to automate the process of cross forest migration from to

# Load the Quest ActiveRoles snap-in if it is not already loaded
if(!(get-pssnapin | ?{$_.Name -eq "Quest.ActiveRoles.ADManagement"}))
{
    Add-PSSnapin Quest.ActiveRoles.ADManagement
}

Write-host "`n******************************************************************"
Write-host "     Welcome to AD Account and Exchange Mailbox Migration script"
write-host "                                                           v 1.0" -f green
Write-host "`n******************************************************************"

$Exchangecsv = read-host "Enter the Exchange source file path "
$ADMTcsv = read-host "Enter the ADMT source file path "

# Each read-host below pauses until Enter is pressed, then the step runs.
# The identity used in every step is the "contact" column of Exchangesource.csv.
read-host "Removing contacts at the target…"

import-csv $Exchangecsv| %{
    get-mailcontact -identity $_.contact | remove-mailcontact -confirm:$false
}

read-host "Using ADMT to move users from Green to Blue forest…"

# /SD, /SDC, /TD and /TDC (source and target domain and domain controller) are blank here and must be filled in
ADMT USER /F:$ADMTcsv /SD:"" /SDC:"" /TD:"" /TDC:"" /TO:"galexclusion" /MSS:YES /UUR:YES

read-host "Enabling Migrated users as Mail enabled user…"
import-csv $Exchangecsv| %{
    Enable-mailuser -identity $_.contact -externalemailaddress $_.Externalemailaddress -confirm:$False
}

read-host "Adding Contact Legacyexchangedn as X500 on the migrated user…"
import-csv $Exchangecsv| %{
    Get-qaduser $_.contact | add-qadproxyaddress -customtype "X500" -address $_.legacydn | out-null
}

#hardcoding the credentials of source and target forest for using in prepare-moverequest.ps1 and New-Moverequest cmdlet
$lusername = "blue\administrator"
$lpassword = "Password1"
$lsecstr = New-Object -TypeName System.Security.SecureString
$lpassword.ToCharArray() | ForEach-Object {$lsecstr.AppendChar($_)}
$lcred = new-object -typename System.Management.Automation.PSCredential -argumentlist $lusername,$lsecstr

$rusername = "green\administrator"
$rpassword = "Password1"
$rsecstr = New-Object -TypeName System.Security.SecureString
$rpassword.ToCharArray() | ForEach-Object {$rsecstr.AppendChar($_)}
$rcred = new-object -typename System.Management.Automation.PSCredential -argumentlist $rusername, $rsecstr

read-host "Preparing the Migrated users for moving the mailbox…"
import-csv $Exchangecsv| %{
    .\Prepare-MoveRequest.ps1 -identity $_.contact -RemoteForestDomainController $_.sourcedc -RemoteForestCredential $rcred -LocalForestDomainController $_.targetdc -localForestCredential $lcred -uselocalobject -overwritelocalobject
}

read-host "Moving the mailbox from source to target forest…"
$TargetDB = Read-Host "Please enter the target DB name for the moving the mailbox "
# -RemoteGlobalCatalog and -TargetDeliveryDomain are blank here and must be filled in
import-csv $Exchangecsv| %{
    New-Moverequest -identity $_.contact -RemoteLegacy -TargetDatabase $TargetDB -RemoteGlobalCatalog "" -RemoteCredential $rcred -TargetDeliveryDomain "" | out-null
}

write-host -f Yellow "Script waits until the completion of mailbox moves and it display the status every 60 sec"
$completed = 1
do {
    # Show the current status of every move request, then collect the ones not yet completed
    Import-Csv $Exchangecsv| %{Get-MoveRequest $_.contact} | select Displayname,Status,TargetDatabase
    Start-Sleep -Seconds 30
    $completed = Import-Csv $Exchangecsv | %{Get-MoveRequest $_.contact} | ?{$_.Status -ne "Completed"}
}until($null -eq $completed)

read-host "Configuring the moved mailbox at target forest password settings,disable email address policy and email address as primary…"
import-csv $Exchangecsv| %{
    Get-QADUser -identity $_.contact | set-qaduser -UserMustChangePassword:$false | out-null
    Get-qaduser -identity $_.contact | Disable-QADEmailAddressPolicy | out-null
    Get-mailbox -identity $_.contact | Set-Mailbox -PrimarySmtpAddress $_.Externalemailaddress | out-null
}


Preparation for executing the Script at the target forest


1. Copy the above content from text box to the new text file and name the file as “Migration.ps1”. Save the file under the folder path C:\CrossforestMigration

2. Copy Microsoft default script – Prepare-MoveRequest.ps1 from “C:\program files\Exchange\V14\Bin\scripts\” to “C:\Crossforestmigration” folder

3. Create ExchangeSource.csv and ADMTSource.csv files with the contents as defined below

ADMTSource.csv file format (Alias name of the source account as SourceName)


Figure 2. ADMTSource.csv file format

Exchangesource.csv file format (target forest mail contact as “contact”, source forest email address as “externalemailaddress”, source forest DC as “sourcedc”, target forest DC as “targetdc”, and legacyexchangedn of the contact at target forest as “legacydn”)


Figure 3. Exchangesource.csv file format.

Executing the script

1. Log in to the domain controller where ADMT is installed and open the Exchange Management Shell (run the Exchange shell with the admin account “blue\Admtadmin”; this account should have rights for SID history and password migration)

2. Change the directory to the path C:\Crossforestmigration

3. Execute the script “.\Migration.ps1” and provide the input file paths for Exchangesource.csv and ADMTsource.csv as shown in figure 4. The script will migrate the users based on the input files. Figure 4 below is the execution summary.


Figure 4. Migration script execution summary

After migration, the target contact will be converted into a mail enabled user and the mailbox will be moved from the source forest to the target forest. The source mailbox will be converted into a mail enabled user, and these accounts have to be moved to the GAL sync exclusion “organization unit” in the source forest.
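A pre-flight check for the procedure above, as an added example that is not part of the original Migration.ps1: it validates Exchangesource.csv against the column layout described for Figure 3 before any contact is removed, and prompts for the two forest credentials instead of embedding passwords in the script. `Test-MigrationCsv`, `Get-MigrationCredentials` and the sample rows are hypothetical names and constructed data; the legacydn check assumes the usual "/o=" prefix of a legacyExchangeDN.

```powershell
# Added example: validate the input file and collect credentials before running Migration.ps1.
# Column names are the ones the article lists for Exchangesource.csv.
$RequiredColumns = 'contact','externalemailaddress','sourcedc','targetdc','legacydn'

function Test-MigrationCsv {
    # Emits one string per problem found; emits nothing when the rows are usable.
    param([object[]]$Rows)

    if (@($Rows).Count -eq 0) { "file contains no rows"; return }

    # Every required column must be present in the header (comparison is case-insensitive)
    $present = @($Rows[0].PSObject.Properties | ForEach-Object { $_.Name })
    $missing = @($RequiredColumns | Where-Object { $present -notcontains $_ })
    if ($missing.Count -gt 0) { "missing column(s): $($missing -join ', ')"; return }

    $seen = @{}
    $line = 1                                    # line 1 of the file is the header
    foreach ($row in $Rows) {
        $line++
        # An empty identity or DC name would make a later cmdlet fail half-way through
        foreach ($col in $RequiredColumns) {
            if ([string]::IsNullOrEmpty(("" + $row.$col).Trim())) {
                "line ${line}: '$col' is empty"
            }
        }
        # The same contact listed twice would be removed once and then fail on every later step
        $key = ("" + $row.contact).Trim().ToLower()
        if ($key -and $seen.ContainsKey($key)) {
            "line ${line}: contact '$key' duplicates line $($seen[$key])"
        } elseif ($key) {
            $seen[$key] = $line
        }
        if ($row.externalemailaddress -and $row.externalemailaddress -notmatch '^[^@\s]+@[^@\s]+\.[^@\s]+$') {
            "line ${line}: externalemailaddress '$($row.externalemailaddress)' is not an SMTP address"
        }
        # Assumption: a legacyExchangeDN starts with "/o="
        if ($row.legacydn -and $row.legacydn -notmatch '^/o=') {
            "line ${line}: legacydn does not look like a legacyExchangeDN"
        }
    }
}

function Get-MigrationCredentials {
    # Replaces the hard-coded $lpassword/$rpassword section: the passwords are typed at run
    # time and never written into the script file or a copy of it.
    $local  = Get-Credential "blue\administrator"    # target (local) forest
    $remote = Get-Credential "green\administrator"   # source (remote) forest
    New-Object PSObject -Property @{ Local = $local; Remote = $remote }
}

# Constructed sample input (users and domains are made up for this example).
# In real use: $rows = Import-Csv C:\CrossforestMigration\Exchangesource.csv
$rows = @"
contact,externalemailaddress,sourcedc,targetdc,legacydn
user1,user1@source.example,dc1.source.example,dc1.target.example,/o=Org/ou=First Administrative Group/cn=Recipients/cn=user1
user2,user2-at-source.example,dc1.source.example,dc1.target.example,/o=Org/ou=First Administrative Group/cn=Recipients/cn=user2
user1,user1b@source.example,dc1.source.example,,/o=Org/ou=First Administrative Group/cn=Recipients/cn=user1b
"@ | ConvertFrom-Csv

$problems = @(Test-MigrationCsv -Rows $rows)
if ($problems.Count -gt 0) {
    # Stop before anything destructive (remove-mailcontact) has run
    $problems | ForEach-Object { Write-Warning $_ }
    Write-Warning "Fix the input file before running Migration.ps1."
} else {
    $creds = Get-MigrationCredentials
    $lcred = $creds.Local      # use in place of the hard-coded $lcred
    $rcred = $creds.Remote     # use in place of the hard-coded $rcred
}
```

With the constructed rows the check stops at the warnings, so no credential prompt appears until the file is clean.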

I hope you will like this article and find it useful for your cross forest migration using free tools from Microsoft. Third party tools are very expensive and they provide a seamless migration, but not everyone can afford a third party application. These scripts come in handy for those who are unable to invest in a third party application and still want to perform cross forest migration for various reasons.

Posted in Exchange 2010

Automating Cross Forest Migration from Exchange 2010 to Exchange 2010 using PowerShell – Part 1

Posted by Krishna - MVP on December 20, 2013

Exchange to Exchange cross forest migration is the process of migrating Exchange users' mailboxes from one AD forest to another. This normally happens for various reasons, and it could be because of:

  1. Company mergers and acquisitions
  2. Companies segmenting their environment or security reasons
  3. Companies starting a fresh Exchange environment and leaving the legacy system behind

Cross forest migration is a very tedious and complex task; people often get confused and skip parts of the process, which can lead to tons of rework and a messed-up environment. Many companies use 3rd party tools to migrate users in large scale environments, and these come with a very large price tag. For others, Microsoft provides free tools like ADMT and Prepare-MoveRequest.ps1 to perform cross forest migration. These free tools help administrators migrate users from one forest to another, but it is not an easy or simple process. The administrator has to perform multiple complex, manual, time-consuming activities to migrate users from one forest to another. Manual activity always leads to errors and can have a major impact on production users after migration.

This article is to automate the cross forest migration of users from to at our lab, using PowerShell script and other free tools from Microsoft. We will perform the complete migration using PowerShell script with no human errors. Below Figure 1. Represents AD forest and

Figure 1. AD forest and

We will not go through the AD configuration of the two forests used for migration in this article. We will assume that the items below are configured correctly to ensure communication and trust between the two forests. Some articles are given below for reference.

1. Good physical network connection between and

2. Configure DNS resolution between the forest

3. A two-way transitive trust is configured between the blue and green domains

Refer: Article to create and configure DNS and Two way trust between two forests (note: This is just for reference purpose, reference domain/forest name may not be same in this article)

4. Create an admin account (Eg. Account name ADMTAdmin) at the target forest and make sure it is also a member of administrators group of both source forest and target forest. This provides necessary exchange permission to perform cross forest migration.

5. ADMT 3.2 is installed and configured in the domain controller at target domain

Note: There is a known issue where SID history cannot be migrated using ADMT 3.2 in command line mode on a windows 2008 member server. Work around solution is to install SQL express 2005 sp3 edition on domain controller and then install ADMT 3.2 on it.

6. Install and configure Password Export Server (PES) on domain controller. This is to get the password migrated from the source forest to target forest.

7. Disable SID filtering on target domain, this is to get SID history migrated from source forest to target forest

Refer: Article to configure PES and SID filtering. (Note: This is just for reference purposes; the domain/forest names in the reference may not be the same as in this article)

8. Configure as accepted domain and Internal relay at forests and vice versa

Refer: Article on accepted domain and internal relay

9. Create and Configure new send connector to send email to domain from and vice versa

Refer: Article to create new Send connector

10. Configure GAL Sync between two forests. This will replicate forest exchange users as contact in forest and vice versa

Note: It’s important to exclude an “Organization Unit (OU)” at from GALsync for users, as this OU should contain migrated users from If this step is skipped then Gal Sync will create contacts for the account which is already existing in after migration. Similarly you should have the “Organization Unit (OU)” excluded from Gal sync at as well to move it once users are migrated to

You can use Microsoft FIM or the free GALSync PowerShell script by Wapshere to perform GAL sync between two forests.

11. Configure cross forest Availability service between domain and to share free busy information between two forests.

Refer: Article to configure cross forest Availability service.

12. Enable MRSProxy service on a Target forest CAS server

Refer: Article to enable MRSProxy

13. Download and install Quest Active Directory PowerShell commands on target domain controller.

With this we have configured and prepared both forests to migrate users from one to the other. Please continue with part 2 of the article for the migration PowerShell script and its execution.

Posted in Exchange 2010

Migrate from Exchange 2010 to Exchange 2013

Posted by Krishna - MVP on December 10, 2013

Microsoft has released the latest cumulative update 2 (CU2) of Exchange Server 2013. I believe it is the right time for an organization to start planning to migrate Exchange 2010 to Exchange 2013.

The articles below should give you a quick idea of how to migrate from Exchange 2010 to Exchange 2013 in a production environment.

How to migrate Exchange 2010 to 2013 – Part 1


How to migrate Exchange 2010 to 2013 – Part 2

Hope you like this article ;)

Posted in Exchange 2007

Exchange 2013 HA and Site Resiliency

Posted by Krishna - MVP on August 21, 2013

I would say Exchange 2013 HA and site resiliency got into a matured state from the previous version of Exchange. Exchange 2013 provides multiple options for HA and site resilience. Microsoft has tried to keep human intervention to a minimum and allow Exchange to recover itself from any kind of failures so that the administrator can focus on recovering the failed hardware or server rather than recovering the service.

Below are the two articles by me on Exchange 2013 HA and Site resiliency

Exchange 2013 High Availability(HA)

Exchange 2013 Site Resiliency

I hope you got some quick understanding on Exchange 2013 HA and Site Resiliency options :)

Posted in Exchange 2013

ENow Management System 6.0 Delivers Exchange 2013 and Lync Support

Posted by Krishna - MVP on August 13, 2013

Media Contact:

Shawn Gundotra

(951) 268-7015




Corona, CA- August 13, 2013 – ENow, a Silver Microsoft Independent Software Vendor, specializing in the development of applications to simplify Microsoft system management, announced the release of EMS 6.0.

The EMS 6.0 release includes many benefits that will make the jobs of Microsoft Exchange and Lync administrators easier while at the same time increasing service availability. Microsoft Exchange 2013 has many improvements and is now being deployed. The EMS 6.0 release now enables Exchange 2013 administrators to proactively monitor and have visibility into their messaging infrastructure. EMS 6.0’s Mailscape module has received over 12 awards in the last 3 years including recently being named best Exchange Administration Tool by Mailscape proactively tests all the core messaging components including DAG configuration, external and internal mail flow, OWA, and ActiveSync. The reporting module has over 210 reports including detailed insight on mobile device usage.

Also included in this release is a new module, named UniScope, which provides visibility into Microsoft Lync deployments. Microsoft Lync is an outstanding Unified Communications platform that seamlessly integrates instant messaging, video conferencing, telecommunications and presence information. It enables consumers and company employees to communicate more efficiently and also increase productivity. Lync is being widely adopted and the need to proactively monitor this technology is critical as outages can cost a company thousands of dollars. UniScope proactively tests the core components of a Lync deployment including Front End, Web Conferencing, Mediation servers, end user connectivity, PSTN access and address book downloads.

“Due to our global customer base, we have a broad perspective on what technologies are being adopted.” states Jay Gundotra, CEO of ENow. “Microsoft has done a great job of continually adding useful features to both the Exchange and Lync platforms. As companies roll these technologies out, the dependency upon them grows and so does the need to ensure service availability. Our new additions to the EMS platform enable administrators to proactively manage both Exchange and Lync from a single dashboard.”

The ENow Management System is a monitoring and reporting platform which is currently used in over 50 countries by enterprise companies, including Facebook, NYSE, DirecTV, Blue Cross Blue Shield, Wendy’s and Advanced Auto Parts. The EMS platform features a dashboard with red, yellow, and green lights indicating the health of each monitored server. The solution enables IT support staff to proactively monitor servers in real time and avoid costly outages. It also provides administrators with deep reporting capabilities for Exchange, Office 365, BlackBerry, Active Directory, Lync and SharePoint servers.

About ENow

ENow is a Microsoft Silver Independent Software Vendor focused on helping companies implement the latest Microsoft technologies and developing software tools to simplify the job of an IT administrator. The ENow Management System (EMS) is an award winning platform that provides a dashboard view of Exchange, BlackBerry, SharePoint and Active Directory servers. For more information, call 1-877-TRY-ENOW, email us at, or visit us at

Posted in Exchange 2007

Automating Jetstress 2013 for Exchange 2013 using powershell

Posted by Krishna - MVP on July 26, 2013

Last week I wrote an article on Jetstress 2013 using PowerShell. It’s a very good script to automate Jetstress on exchange mailbox servers before the server build. It really helps on the large scale deployment. Please find the below link with the details of the same with the live example. This script is inspired by Neil Johnson’s – Automating Jetstress and it’s an updated version of the script.


Hope you like the article and let me know if you have any questions. :)

Posted in Exchange 2013, Powershell

Bangalore User Group Event

Posted by Krishna - MVP on July 26, 2013

Please register for the Bangalore User Group Event using the link below. I will be taking a session on the Exchange 2013 Role Requirements Calculator.

Event Details

This is a Bangalore IT Pro and PowerShell Bangalore User Group combined UG meet.

Agenda for this meet is as follows:

10.00AM – 10.15AM – Registrations and Welcome note.

10.15AM – 10.45AM – PowerShell for Beginners – Deepak Dhami

10.45AM – 11.15AM – Introduction to Exchange Calculator – Krishna Kumar

11.15AM – 11.30AM – Break

11.30AM – 12.00Noon – PowerShell 4.0 – First Look – Ravikath Chaganti

12.00Noon – 12.30PM – Building GUI for PowerShell Scripts – Vinith Menon



Posted in Exchange 2007

Netwrix Active Directory Change Reporter

Posted by Krishna - MVP on May 7, 2013

Auditing is one of the most complex activities of the Windows Active Directory. Monitoring the changes and reporting immediately makes it very challenging for administrators. I would say that Netwrix Active Directory Change Reporter is one of the best tools available in the market with comprehensive collection of features to audit changes in Active Directory and report on them. It has a very robust way of checking, if any modification/change was done to Active Directory objects. It uses both Active Directory event logs and also takes the Active Directory snapshot to compare the data and get a consolidated report on who made the changes, what was changed, when and where exactly. These changes are logged into a local database and are stored in the SQL server for reporting purposes. It is a unified solution for a complete Active Directory auditing, reporting and monitoring.

The latest version of Netwrix Active Directory Change Reporter is 7.2.721 and it is available in two flavors: Freeware and the fully loaded Enterprise Edition. The free version has limited functionality and can be used for an unlimited time period. The Enterprise version has many auditing and reporting options which make the life of an Active Directory administrator easier and put the necessary data at his fingertips. It can be evaluated free of charge for 20 days.

Netwrix Active Directory Change Reporter tool supports Active Directory starting from Windows 2000, Windows 2003, Windows 2008 and even the latest Windows 2012 Active Directory environment.


It has other basic technical requirements to function.

1. Intel or AMD processor; a minimum of 2 GHz for a 32 bit processor or 3 GHz for a 64 bit processor is recommended

2. Memory 2 GB and above

3. Minimum of 50 GB disk for installation and an addition space for user, event and other necessary logs.

4. Active Directory permission to query an Active Directory

5. SQL server – SQL server 2005 Express Edition or above with an advanced service of SQL server, SQL server reporting tool and permission to generate reports.

6. Group policy management console to audit Active Directory Group Policy.

Required details of the tool can be found below link.

Native Active Directory tools do not provide great flexibility to audit Active Directory changes and report on them immediately. Raw data generated by the Windows native tools is always difficult to understand, and analyzing tons of logs is an extremely time consuming process. Most of the time it is too late to analyze the logs as they would have been overwritten. The Netwrix solution for Active Directory auditing overcomes these problems by saving the data in the SQL server.

There are also agents available for installing on the domain controller and these agents are optional. It helps to compress the data across the network and it is necessary if a change reporting tool is collecting data over the slow network but it should not make much of a difference if you are on a high speed network. Definitely it would be recommended to have agents installed in order to make the best utilization of all available networks.

Netwrix Active Directory Change Reporter also has some supporting tools like Group Policy Change Reporter and Exchange Change Reporter. These two go very well with the Active Directory Change Reporter. Group Policy changes are critical and must be executed very carefully. Any mistake in Group Policy changes can have a big impact, and not everyone in the organization has permission to modify Group Policy. Netwrix Group Policy Change Reporter comes in handy to get complete details of the GPO, such as who made the change and when it was made, and it also has details about “before and after” values for modified settings.

Exchange Change Reporter is another additional great component. Exchange is one of the business critical application and any downtime will have a major impact on an organization. Exchange Change Reporter keeps track of any addition, deletion, modification of the exchange attributes and generates reports on the changes. It also provides details about “before and after” values. The tool supports the earlier version of an exchange like the Exchange 2003, 2007 and 2010. The latest version of the Exchange Change Reporter supports Microsoft Exchange Server 2013 environment, which is one of the latest promising product of Microsoft.

Let’s understand some of the features of Netwrix Active Directory Change Reporter and what it can do for us.

It provides in-depth change details about every Active Directory object and its attributes, and also includes security changes. Changes can be addition, deletion or modification of Active Directory objects, and it includes complete details such as who made the change, what was changed and where.

It provides a real time reporting where an administrator or the security team can be notified with an email or SMS immediately after the change is detected. It also integrates with Microsoft SCOM using SCOM Management pack which captures Active Directory data and feeds into the SCOM for reporting and alerting. It also provides flexibility to integrate with other third party reporting tools available in your organization.

All reporting information is stored in SQL Server, where an administrator can manually query, generate custom and automated reports. Reporting is one of the key features and it can generate some predefined reports for the purpose of compliance regulations like SOX, HIPAA, GLBA, and FISMA. As these regulations require storing the data for later review the tool provides the long-term storage option. These long-term storages can be also at different servers other than the SQL server. By default, the long-term audit archiving is done for 24 months and these settings can be changed, if required. It can also generate daily reports with all the change details performed during the previous day. The product provides an administrator with a console view and gives a great flexibility to query and generate reports with ease.

Any kinds of accidental changes have to be rolled back immediately and this tool provides option to roll back all accidental or unwanted changes using roll back wizard. Performing this kind of roll back/restore operation using native windows tool is cumbersome and has many limitations. This tool performs a smooth, quick and an easy roll back from all kinds of accidental or unwanted changes. This overcomes any downtime, security risk or ill effects caused due to accidental changes.

It can be easily installed on any workstation with latest Windows OS like Windows 8 or on a server OS like windows 2012. It just has to be setup once and it runs forever. It can query and manage multiple domains from a single installed machine and can even manage multiple domains with its own unique settings. This gives lot of flexibility to manage and modify the settings based on the business requirement.

It provides an easy option to query and generate default and custom reports from the management console. It has got all necessary filters like timelines (from-date and to-date), types/kind of changes, where the changes were made and it also provides an option to specify an individual domain and individual forest. It has a great flexibility, which helps to get any data from any domain and any forest within no time. Finally, once you have all the data in the report then it can be easily exported into CSV, Excel, PDF, Word or even a Tiff format.

Reports come in an easily understandable format with color coding. Actions like adding, removing and modifying are all highlighted with different colors. Most importantly, it gives clear information on who made these changes, when they were made and what was done. With this you can find all the necessary data/reports in one location, and you really don’t have to depend on multiple logs or have in-depth knowledge to analyze and understand the logs from different locations.

Active Directory snapshot is one of the best features of this tool. It takes Active Directory snapshot at multiple points and keeps it in the database. It helps to look back at a specific AD object and what settings were in the past. These details can be viewed through reporting custom queries and these come under an advance reporting tool that requires some configuration before using it.

Real-time alerting is one of the key components for any reporting tool to notify on any critical changes. By default Netwrix Active Directory Change Reporter provides the real-time alerts option for the below mentioned groups and you can also add more users or groups, if necessary.

· Changes to Admin Group

· Changes to Domain Configuration

· Changes to any Active Directory Object

These real-time alerts can be sent via email or a text message right to the mobile device.

Netwrix Active Directory Change Reporter is very easy to install and configure. It needs some necessary configurations to function as required and these configurations can be made easily using wizards. Supported by other tools like Group Policy Change Reporter and Exchange Change Reporter it provides a great management option for IT administrators and security team. It will save a lot of time and energy of the administrator helping to avoid writing custom scripts or manual/LDAP queries to get the data for auditing or management purposes.

With this, I would like to finish my article saying that “Netwrix Active Directory Change Reporter is a great tool which is helpful for IT administrators and security teams”.

Use this link download Netwrix Active Directory Change Reporter:

Posted in Exchange 2007, Exchange 2010, Exchange 2013

